The most intriguing feature is the automatic generation of user accounts. Leveraging Active Directory and global company settings, AWS Control Tower enables the creation of AWS user accounts based on job descriptions in Active Directory. This establishes a direct correlation between the user's name, job definition, and the corresponding rules applied to each account.
It is essential to clarify that this isn't necessarily a drawback of the service, but having a clear and concise set of predefined guidelines from AWS for moving existing accounts under AWS Control Tower would be highly beneficial as it would simplify the process and make it more user-friendly.
There aren't any additional features that I feel are missing. However, it's worth noting that Control Tower seems to function as a layer utilizing standard AWS products in the background. Occasionally, the interface may appear less streamlined, with changes in layout based on the underlying products being used. While this doesn't impact functionality, having a more standardized user interface, irrespective of the background products, could enhance the user experience.
It would be beneficial if AWS offered the capability to seamlessly deploy your infrastructure to another region to ensure continuous availability and redundancy.
It could be improved by having a more intuitive graphical interface. It could also include other coding languages like PowerShell and Python, as it would be beneficial for DevOps recommendations.
By making APIs and organizational units more centralized, it would be simpler to pinpoint the source of issues in case of a breach and would ultimately benefit everyone involved.